Let me try to explain it completely ;)

I configured something like that in my first router.
I think CARP etc. is not the problem here:


WAN (wan)       -> igb0       -> v4: 212.168.31.131/29
FCSE_PUB (lan)  -> igb1       -> v4: 212.168.31.2/25
HA_SYNC (opt1)  -> igb3       -> v4: 10.0.0.1/24

The /29 network is just a transfer net for the /25 subnet.
So I have to route the /25 through the /29. In my case it should be the .130 
(CARP IP)

I configured the OpenVPN server to listen on one IP from the /25 network (.1 CARP 
IP)
VPN clients get an IP from the 10.0.1.0/24 network - that should be fine anyway.

The connection etc. is working, but when I make connections through the VPN I will 
always see the IP from the WAN interface, but the /25 are public IPs, so I want to 
have the (.1 CARP IP) shown on remote servers like google.com and so on.
In Linux I can just set up the next hop like:

ip r a 212.168.31.2/25 via 212.168.31.130 dev igb0

When I set the route with route add 212.168.31.0/25 212.168.31.130
I am not able to reach anything.

NAT is not needed, I think, because we use public IPs. So that's the reason why I 
am confused.

traceroute -i igb1 web.de
traceroute: Warning: web.de has multiple addresses; using 82.165.229.138
traceroute to web.de (82.165.229.138), 64 hops max, 40 byte packets
 1  * * *
 2  * * *


On the router side of my ISP all traffic to the /25 is routed to the .130 on 
my site.



> On 10.05.2016 at 21:57, Steve Yates <st...@teamits.com> wrote:
> 
> I'm a bit confused whether the /25 is your LAN subnet or another interface.  
> The OpenVPN tunnel network has to be a subnet that is on no other interfaces 
> including the remote PC's LAN.  For example we have our data center using a 
> /29 for WAN, a /25 for LAN, 10.20.1.0/24 for PFSYNC, and 192.168.199.0/24 for 
> OpenVPN.  192.168.199.0/24 is just used to route packets from the remote PC 
> to behind the router.
> 
> You wrote "/130" for the CARP WAN alias...I'm assuming that's a typo and 
> should be "/29" like the others.
> 
> --
> 
> Steve Yates
> ITS, Inc.
> 
> -----Original Message-----
> From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Daniel Eschner
> Sent: Tuesday, May 10, 2016 2:32 PM
> To: list@lists.pfsense.org
> Subject: [pfSense] Routing Issue
> 
> Hi there,
> 
> I am trying to configure 2 pfSense firewalls with the following setup:
> 
> My ISP gave me a /29 as a transfer network. I set up the IPs as follows:
> 
> x.x.x.131/29 PF1
> x.x.x.132/29 PF2
> x.x.x.130/130 CARP Interface (Redundant)
> 
> After that I added x.x.x.2/25 to another interface and also created a 
> CARP interface with IP 1 (default gateway for clients)
> 
> Now I want to route the /25 through the .130 IP, for example so that OpenVPN has 
> the IP from the /25 network.
> When I establish a VPN connection it always shows me the IP .131
> 
> Can it be changed, for example by changing Outbound NAT or so, so that the .1 is shown 
> in the interface?
> All IPs are public IPs
> 
> Hope you understand what I mean ;)
> 
> Cheers
> 
> Daniel
> _______________________________________________
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold
